Military Devices

The listed products focus on encryption solutions for secure radiocommunications. For example, ELCRODAT 4-2 is the leading crypto device for airborne and naval radiocommunications in the German Armed Forces and NATO.

Products

ELCRODAT 4-2

The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog networks of armed forces and government authorities for all German and NATO security classifications.

The ELCRODAT 4-2 is a fully ruggedized tactical crypto device used to encrypt and decrypt voice and data communications for all German and NATO security classifications. Since it is TEMPEST-proof, it is interoperable with HF/VHF/UHF radio, satellite communications and line transmission equipment. It is ideal for deployment on stationary and mobile platforms in rugged terrain and in naval and airborne environments.

References

The French navy uses the ELCRODAT 4-2 as part of its RIFAN II program (réseau IP de la force aéronavale). The encryption device has also been qualified for operation in advanced airborne platforms such as the Eurocopter Tiger (in Germany and Spain) and the A400M transport aircraft (in Belgium, Germany, Spain, France, Great Britain, Luxembourg and Turkey). The MMC3000, a variant of the encryption device aimed at the global market, is in demand by customers outside Europe.

Key Facts

Voice and data encryption from the highest German security levels up to COSMIC TOP SECRET

Protects HF/VHF/UHF, satellite communications and line transmission

Fully rugged, tamper protected, TEMPEST-proof

Stationary and mobile deployment in all military branches (army, navy, air force)

Multi-Remote Control Software for Windows 7 und MIL-Bus

Approved for all German and NATO classification levels

R&S®MMC3000 Multimode Multirole Crypto Device

The R&S®MMC3000 is a fully ruggedized tactical crypto device used to encrypt and decrypt voice and data communications at the highest security levels. It is based on the ELCRODAT 4-2 but does not contain NATO crypto algorithms. Since it is TEMPEST-proof, it is interoperable with HF/VHF/UHF radio, satellite communications and line transmission equipment. It is ideal for deployment on stationary and mobile platforms in rugged terrain and in naval and airborne environments.

Key Facts

Voice and data encryption to the highest security levels

Protects HF/VHF/UHF, satellite communications and line transmission

Fully rugged, tamper protected, TEMPEST-proof

Stationary and mobile deployment in all military branches (army, navy, air force)

Customizable crypto algorithms for specific user requirements

ELCRODAT 5-4

The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog networks of armed forces and government authorities for all German and NATO security classifications.

The ELCRODAT 5-4 (ED5-4) is used by military organizations and government authorities for encrypted transmission of voice and data signals in analog and ISDN networks. It provides secure end-to-end encryption, which protects messages against eavesdropping and manipulation attacks along the entire transmission path.

Access to all cryptological functions with personal chip card and PIN code

ELCRODAT 6-2

Secure voice and data communications in ISDN up to TOP SECRET classification level.

The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog networks of armed forces and government authorities for all German and NATO security classifications.

The ELCRODAT 6-2 is the first encryption unit approved by the German Federal Office for Information Security (BSI) for the transmission of information classified up to TOP SECRET, which uses a public key method for key agreement. In conjunction with the public key method, the noise generator implemented in the encryption unit permits mutual authentication and key agreement. New session keys are generated in the encryption unit for each connection. The keys do not leave the units and are deleted after the session, ensuring maximum security. Access for users and administrator is secured by state-of-the-art processor chip cards.

The system is available in two versions: ELCRODAT 6-2 S and ELCRODAT 6-2 M.

Version "S" is used for Euro-ISDN basic rate access (S0 bus/port). It is the secure supplement to existing Euro-ISDN terminals or PBXs.

Version "M" is used for Euro-ISDN primary rate access (S2M port) and permits simultaneous individual encryption of up to 30 channels. A typical application of this version is the 2 Mbit/s port encryption at the frontend of ISDN PBX systems.

The devices are connected between commercial ISDN terminals and the ISDN access point. For the network, the encryption devices act like terminal equipment. For terminal equipment, the ELCRODAT 6-2 acts as a network termination (NT).

The ELCRODAT 6-2 high-end encryption system consists of the following components:

R&S®TrustedFilter IP

Real-time capable information flow between security domains

The R&S®TrustedFilter IP separates IP networks with different classification levels. It applies deep packet inspection to all passing packets to prevent the unwanted leakage of classified information. If a packet violates the configured filtering rules the packet is dropped and the event is logged.

The R&S®TrustedFilter IP supports the filtering of VoIP traffic (SIP, RTP) and of various radio control protocols. It is possible to add further filter rules for other protocols as necessary. Filtering is performed stateless focusing only on the current processed packet. Additionally, the R&S®TrustedFilter IP can be configured to only allow communication between certain devices in both networks. The IP addresses of the higher-classified network can be hidden from the lower-classified networks using network address translation (NAT). Audio data sent from the higher-classified network to the lower-classified network may only pass the R&S®TrustedFilter IP if they bear a correct cryptographic signature. The filter configuration of the R&S®TrustedFilter IP is easily configured using its management system.

The R&S®TrustedFilter IP is based on the R&S SIT Cryptodevice-Platform, which is embedded Linux based and uses hardware developed and manufactured by R&S. The R&S SIT Cryptodevice-Platform offers among others the following security features:

Separation of networks with different classification levels

Hardware security module

Secure boot

Security management and configuration system

System and security log

CIK for classification, configuration, and detamper oft he devices

Emergency clear and tamper proteciton

Key Facts

Whitelist filters with deep packet inspection

Kryptographic verification of the classification of voice data

Blocks not authorized network traffic

Not authorized network traffic is dropped and logged

Red-black separation and TEMPEST according to SDIP27 Level C

Secure Boot, Secure Update, Secure Remote Management

R&S®FT5066 Trusted Filter

Radio control information filter – red/black separation to STANAG

The R&S®FT5066 trusted filter is developed for a scenario consisting of a STANAG 5066 message handling application involving a radio and/or modem interface and a remote control protocol. The device provides firewall functionality for the radio’s control information. Inserted in the control path of a system, the filter provides a strict red/black separation. This ensures that only explicitly permitted control commands are transmitted and prevents (un)intentional data leakage over the control interface.